Commit Graph

46003 Commits

Author SHA1 Message Date
Sathya Gunasekaran
3e1c00ae97 [scanner] Simplify Scanner::ScanNumber
Change-Id: I5a706b015a36a7a176a03e740f3fc3c406e6a837
Reviewed-on: https://chromium-review.googlesource.com/927263
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51411}
2018-02-21 03:23:39 +00:00
Michael Achenbach
0fae93f401 [foozzie] Migrate configuration choice to V8
Before, configurations were chosen on clusterfuzz side. This migrates
the choice to the V8 repo, to enable easier changing it and to allow
sharing it between different fuzzers.

NOTRY=true
TBR=sergiyb@chromium.org

Bug: chromium:813833
Change-Id: I9890a36fd6aab171d3e13172fc55b274f189e532
Reviewed-on: https://chromium-review.googlesource.com/927681
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51410}
2018-02-21 00:26:06 +00:00
Adam Klein
e282f9afed [bigint] Pretenure BigInt literals
This is the same treatment we give other numeric literals, and seems
sensible since they end up referenced from Ignition's constant pool.

R=jkummerow@chromium.org

Bug: v8:6791
Change-Id: Ia689c709d402e4e87b7d2d22c582108400c25580
Reviewed-on: https://chromium-review.googlesource.com/922283
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51409}
2018-02-21 00:21:46 +00:00
Eric Holk
ef8dae3f3d [wasm] [trap handler] do not leak memory on failure path
There were two failure paths where the CodeProtectionInfo object would not be
freed. This adds a free() on those paths to prevent a memory leak.

Bug: v8:7434
Change-Id: I48d60aee3255d829bf39b51cc30fabaf76b1fb07
Reviewed-on: https://chromium-review.googlesource.com/927746
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51408}
2018-02-21 00:15:19 +00:00
Vasili Skurydzin
d58d1fa72e Fixes to V8 fetch process on AIX
Disable download of prebuild clang binaries on AIX platform when fetching
v8. Affects AIX only.

Change-Id: Ib3ed02c2cb292e4815904cbe5fedfca19c347f81
Reviewed-on: https://chromium-review.googlesource.com/919187
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51407}
2018-02-20 20:38:15 +00:00
Clemens Hammacher
ba4ab32162 [Liftoff] Prepare for arbitrarily big stack frames
Liftoff currently allocates a stack frame of fixed size for each
function, and bails out if more stack space is needed during code
generation for the function.
This CL prepares the interface and the assemblers on ia32 and x64 to
allow patching of the stack frame size after the whole function body
was generated.

R=mstarzinger@chromium.org, titzer@chromium.org
CC=sreten.kovacevic@mips.com

Bug: v8:6600
Change-Id: Iff54ff65f3e6e13d53ff90ec34b2c5cf7d276d5e
Reviewed-on: https://chromium-review.googlesource.com/925463
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51406}
2018-02-20 20:24:05 +00:00
Justin Ridgewell
f6b6f71ba2 Consolidate UTF-8 Vector<char> to uc16 decoding into Iterator
Too many files know how to deal with decoding, counting, and splitting UTF-8
into uc16 chars. This consolidates several callers who deal with full
(Vector<char>, not streaming) bytes by using a UTF-8 Iterator to decode bytes
into individual uc16 chars.

R=marja@chromium.org

Bug: 
Change-Id: Ia36df3e8c1abd0398415ad23a474557c71c19a01
Reviewed-on: https://chromium-review.googlesource.com/831093
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Justin Ridgewell <jridgewell@google.com>
Cr-Commit-Position: refs/heads/master@{#51405}
2018-02-20 20:04:41 +00:00
Adam Klein
0f617ada3e [parser] Add DCHECKs and remove no-ops from destructuring assignment rewriting
After f1a551800f, we no longer have to
deal with a case where we rewrite destructuring assignments belonging
to some inner function. Remove a bit of code and add DCHECKs to reflect
that fact.

Change-Id: I7553e86d4ae2f6290853eee38f85d2f243b778a9
Reviewed-on: https://chromium-review.googlesource.com/922893
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51404}
2018-02-20 19:23:25 +00:00
Adam Klein
1cee6bfebb [cleanup] Move narrowly-used (and delete unused) globals.h types
Also delete a bit of dead code depending on dead types.

Change-Id: I6cfc7e2f6c8fd006bd0de054bfc3e9f725996741
Reviewed-on: https://chromium-review.googlesource.com/923083
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51403}
2018-02-20 19:18:35 +00:00
Deepti Gandluri
f2cdf9a8fb [wasm] Make ordering of atomic ops consistent
Bug: v8:6532
Change-Id: Ib11f01be1d7fec9107ceb0ee13add83da4b88e95
Reviewed-on: https://chromium-review.googlesource.com/924647
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51402}
2018-02-20 19:16:00 +00:00
Bill Budge
f812038c06 [Memory] Fix OS::Allocate on Windows / Cygwin.
- Changes assert to reflect that we might exceed the number of attempts
  to allocate a padded memory region while attempting to get an aligned
  allocation and return null instead.

Bug: chromium:813587
Change-Id: I0e225f50b7a64a2f2a72de15322525574445efbd
Reviewed-on: https://chromium-review.googlesource.com/926968
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51401}
2018-02-20 19:14:55 +00:00
Gabriel Charette
f64a87c45a [v8] Add finer grain trace events to EVACUATE_COPY step.
This is in an attempt to diagnose why it's seen as a highly idle step
in some traces, e.g.
https://docs.google.com/document/d/1bdlWAWeP3j2yo2DYfeok6URqFCrt57yx-nucGMybGGQ/edit#heading=h.1baa99zf8jc0
https://drive.google.com/file/d/1kLfH1dM5TOJbiD2v_KJsxWXakpd2k-7q/view

R=mlippautz@chromium.org

Bug: chromium:813824
Change-Id: I743d9b7430a3970751398b4c5a4d569fbcae2cbe
Reviewed-on: https://chromium-review.googlesource.com/926844
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51400}
2018-02-20 19:07:06 +00:00
Michael Achenbach
4a2d9b1b20 [test] Abort testing immediately on interrupt and sigterm
This is a partial revert of:
https://crrev.com/c/890938 and https://crrev.com/c/893982

Before this CL, the test runner blocked on ongoing tests in order to
process their results after an internal timeout. However, the logic
required for this feature was overly complicated and prevented an
acceptable implementation for fast aborts. Furthermore, also the fuzzers
suffered from timeouts on swarming due to hanging tests.

Instead, we now abort immediately on internal timeout (used on
fuzzers), SIGINT (Ctrl-C) and SIGTERM. Ongoing tests are immediately
terminated and their results are disregarded. On SIGTERM and SIGINT,
we return with non-zero exit codes, and zero on internal timeout.

This will also properly return json output, when the external hard
timeout is reached on swarming (causes SIGTERM).

TBR=sergiyb@chromium.org

Bug: v8:7423, chromium:813065
Change-Id: Ib20f835f58a0970693bdd3b21dc5d766d8e115d8
Reviewed-on: https://chromium-review.googlesource.com/924852
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51399}
2018-02-20 18:02:25 +00:00
Ivica Bogosavljevic
d3f2a925ed MIPS: Fix unaligned memory access in hash calculation
During hash calculation, an array type was reinterpreted
from uint16_[] to uint32_t[]. Uint32 arrays have stricter
alignment requirements and these causes failures of several
tests from the debugger suite.

TEST=debugger/debug/debug-eval-scope

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I463c7aeb56a1010ddfb0c34f8404f05b75e6c466
Reviewed-on: https://chromium-review.googlesource.com/926341
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51398}
2018-02-20 17:06:49 +00:00
Michael Starzinger
5a4af7c142 [turbofan] Make --branch-load-poisoning work with stock snapshot.
This makes sure that an existing unmodified snapshot works together with
the --branch-load-poisoning feature by unconditionally resetting the
underlying register in {CEntryStub::Generate}.

R=mvstanton@chromium.org

Change-Id: I4d9f12a3b45bd7b46eda55a342beadf9b9a4bb8a
Reviewed-on: https://chromium-review.googlesource.com/926365
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51397}
2018-02-20 16:45:38 +00:00
Stephan Herhut
6e547e907e Sanitize nullptr name in wasm profiling events.
For some wasm functions, name information is not available, resulting
in a nullptr being passed to the profiling event listener. While we
probably should have better names, this at least prevents a crash.

Change-Id: I41bd7827124e9c193a076a57d3a134f5df1d6a15
Reviewed-on: https://chromium-review.googlesource.com/926367
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51396}
2018-02-20 16:27:48 +00:00
Tobias Tebbi
07abe39aed [turbofan] simplified lowering: process DeadValue input
Without processing the input, a phi node can be flagged as unused and
replaced with {Dead}, although it is used by a {DeadValue} node.

Bug: chromium:808472
Change-Id: I7446883535b34770e31e4e26e1c242eb05673a91
Reviewed-on: https://chromium-review.googlesource.com/919362
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51395}
2018-02-20 15:13:28 +00:00
Ulan Degenbaev
252e8a1c2d [heap-profiler] Merge embedder nodes and V8 wrapper nodes.
Each DOM node has the corresponding V8 wrapper object. This leads to
apparent duplication in the heap snapshot and may confuse the users.

This patch allows the embedder to specify V8 wrapper for each embedder
node. In the heap snapshot the wrapper node will be merged into the
embedder node. The resulting node will have the same properties as
the embedder node. If the wrapper node name has a tag, then the tag
is also added to the merged node.

Bug: chromium:811925

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I2492f5b28163a78aee707b9ced1b09ac4b203e3f
Reviewed-on: https://chromium-review.googlesource.com/919482
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51394}
2018-02-20 15:04:48 +00:00
Camillo Bruni
da83b61848 [runtime] Fix overzealous check for derived constructor instance size
Bug: chromium:813427
Change-Id: Ie0b096b20f335648e7920c5ebe4ff0fa3b5ab9d5
Reviewed-on: https://chromium-review.googlesource.com/926003
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51393}
2018-02-20 13:28:37 +00:00
Yang Guo
18344ef408 [regexp] make lookbehind assertions non-quantifiable.
Until now lookbehind assertions have been quantifiable in non-unicode regexps.
This seems to be an oversight in the spec.

R=jgruber@chromium.org

Bug: v8:7462
Change-Id: Iad0db441089c7510dd2c42a861db92c05545ce1e
Reviewed-on: https://chromium-review.googlesource.com/926102
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51392}
2018-02-20 11:24:32 +00:00
Yang Guo
7d9ad5a69e [debug] do not leak optimized code into no-side-effect evaluate.
R=bmeurer@chromium.org

Bug: v8:7421
Change-Id: Iacdd8d294c02b7feb72e3a0bb397930e91197ae7
Reviewed-on: https://chromium-review.googlesource.com/926124
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51391}
2018-02-20 11:22:32 +00:00
Benedikt Meurer
e465a4f3be [turbofan] Support inlining of builtins based on SharedFunctionInfo.
This makes the inlining of the default resolve/reject closures generated
by the Promise constructor effective. To be really useful we still need
to have the Promise constructor inlined (work-in-progress) and eventually
track SharedFunctionInfo feedback in the CALL_IC.

Bug: v8:2206, v8:7253
Change-Id: I08fa8ca72754f459ae36027a55377ef57d411cdc
Reviewed-on: https://chromium-review.googlesource.com/926103
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51390}
2018-02-20 11:09:42 +00:00
Peter Marshall
46c199a5c7 [turbofan] Inline promise constructor in turbofan.
Inline the promise constructor when we have one argument and target
matches new_target.

This is not complete, and is sitting behind an experimental flag for
now. We need to fix deoptimization by providing proper frame states.

Create a unittest class for JSCallReducer - just assert whether there
was a change or not, rather than specify the exact graph that should be
produced.

Bug: v8:7253
Change-Id: Ib6886a8feb2799f47cd647853cabcf12a189bc25
Reviewed-on: https://chromium-review.googlesource.com/919282
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51389}
2018-02-20 09:01:51 +00:00
Stephan Herhut
7ecb6a38b9 Implement code creation events for wasm code on native heap
Adds support for generating logging/profiling event when wasm code gets compiled
on the native heap. As code objects on the native heap are not ordinary heap
objects, the existing abstractions for reporting cannot be used. Instead, add
specialized versions for WasmCode objects.

Change-Id: I808618d70142073b3c1b06edef6931f59bed8cf5
Reviewed-on: https://chromium-review.googlesource.com/913308
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51388}
2018-02-20 08:30:31 +00:00
Benedikt Meurer
be6d129207 [turbofan] Optimize promise resolution.
This CL introduces new operators JSFulfillPromise and JSPromiseResolve,
corresponding to the specification operations with the same name, and
uses that to lower calls to Promise.resolve() builtin to JSPromiseResolve.

We also optimize JSPromiseResolve and JSResolvePromise further based on
information found about the value/resolution in the graph. This applies
to both Promise.resolve() builtin calls and implicit resolve operations
in async functions and async generators.

On a very simple microbenchmark like

  console.time('resolve');
  for (let i = 0; i < 1e8; ++i) Promise.resolve({i});
  console.timeEnd('resolve');

this CL reduces the execution time from around 3049ms to around 947ms,
which is a pretty significant 3x improvement. On the wikipedia benchmark
we observe an improvement around 2% with this CL.

Bug: v8:7253
Change-Id: Ic69086cdc1b724f35dbe83305795539c562ab817
Reviewed-on: https://chromium-review.googlesource.com/913488
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51387}
2018-02-20 08:10:01 +00:00
Deepti Gandluri
1c71991ab6 Delete unused macro, add missing undefs
Change-Id: Icfacb59e7c90ee696fd7242f4441cfb2965f490b
Reviewed-on: https://chromium-review.googlesource.com/924626
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51386}
2018-02-20 08:02:51 +00:00
Clemens Hammacher
dcd31ef223 [Liftoff] Refactor binops
Remove code duplication by having one method for generating the code
for binary operations, templatized by the actual instruction(s) to emit
for the operation.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I6303475682416727e6a6c9c4ec33ca1cde112092
Reviewed-on: https://chromium-review.googlesource.com/924862
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51385}
2018-02-20 07:59:11 +00:00
Sigurd Schneider
e1ca671e45 [debug] Ensure breaking on inlined builtins works
This ensures that breaking on inlined builtins works, even when
compiling concurrently. This CL also introduces the member
Isolate::AbortConcurrentOptimization.

R=sigurds@chromium.org

Bug: v8:178
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie6cbb48ebde18036888af2dd715862e7a14ddf9d
Reviewed-on: https://chromium-review.googlesource.com/912468
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51384}
2018-02-20 07:52:51 +00:00
Mostyn Bramley-Moore
b3bf446ed2 [jumbo] fix kGlobalHandleLabel redefinition
Followup after https://chromium-review.googlesource.com/c/v8/v8/+/919063

Bug: chromium:811842
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8e8a4a6d9192d39502514c5a19539965b74b1681
Reviewed-on: https://chromium-review.googlesource.com/925603
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#51383}
2018-02-20 07:33:41 +00:00
Benedikt Meurer
d97bb31738 [async-await] Turn await closures into intrinsics.
There's no need to have the AsyncFunctionAwait/AsyncGeneratorAwait
operations as separate closures that are called via JavaScript calling
convention, but instead we can just have them as intrinsics (with the
goal to eventually turn them into IC stubs).

Drive-by-fix: Tail call to the ResumeGenerator builtin when resuming
an async function. The earlier restrictions no only apply with the new
machinery.

Bug: v8:7253
Change-Id: I0c4d04dae15b4211158fc07151adafda69d4faec
Reviewed-on: https://chromium-review.googlesource.com/924703
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51382}
2018-02-20 06:39:01 +00:00
v8-autoroll
99fcd7bb1f Update V8 DEPS.
Rolling v8/build: e2c6aae..10345cd

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4aa92ef..8273e47

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Iabdb565357af2ab1a156b013068230a58377b69e
Reviewed-on: https://chromium-review.googlesource.com/925805
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51381}
2018-02-20 04:59:00 +00:00
Clemens Hammacher
9ba71e656d [test] Skip fewer tests on endurance fuzzer
The "FreezeWasmLazyCompilation" runtime function can only be invoked if
--wasm-lazy-compilation is passed. Hence the "lazy-compilation.js" test
must be skipped. The other tests are not affected by this, thus un-skip
them.

R=machenbach@chromium.org

Bug: v8:7400
Change-Id: Id521938ae651b4a67510e42aa69e17b5e0b14a0a
Reviewed-on: https://chromium-review.googlesource.com/923967
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51380}
2018-02-19 17:53:39 +00:00
Michael Starzinger
f8610a719f [assembler] Make {PredictableCodeSizeScope} more robust.
R=clemensh@chromium.org

Change-Id: Ia7c18afb10b4198b690b3bc788b8969595d6b0de
Reviewed-on: https://chromium-review.googlesource.com/925303
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51379}
2018-02-19 17:42:09 +00:00
Camillo Bruni
539d6ffe03 [tests] Mark regression test as slow
Change-Id: Idbee9b7b8077a9fd2ffa4a2a010ae7d44b98e31e
Reviewed-on: https://chromium-review.googlesource.com/924198
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51378}
2018-02-19 17:32:29 +00:00
Peter Marshall
81a3742a88 [typedarray] Port TypedArray.from to CSA.
Factor out IterableToList into a helper stub to save space. There are
two callers now, TypedArrayFrom and ConstructByIterable, and it is
~2.5kb so we save space by doing this.

Increase test coverage to cover more of the branching in CSA.

This is doesn't follow the control flow in the spec exactly - see the
big code comment for an explanation.

Change-Id: Ief39e93c4202cb7bf0e28a39dc6aa81b8b9c59d2
Reviewed-on: https://chromium-review.googlesource.com/908755
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51377}
2018-02-19 16:49:39 +00:00
sreten.kovacevic
19e65114a1 [Liftoff][mips] Implement i32 ops
Implement i32 binops, unops and shiftops on MIPS architecture.

Bug: v8:6600
Change-Id: Ibd17f840e6754c9eac2fb0bc61c3461e42734703
Reviewed-on: https://chromium-review.googlesource.com/919161
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51376}
2018-02-19 16:37:29 +00:00
Clemens Hammacher
6ac2579f23 [Liftoff] Fix result type of f64 binops
The result of an f64 binop was marked as f32 on Liftoffs value stack.
This lead to errors and is fixed in this CL.
I plan to clean up all binop implementions in a follow-up CL.

R=titzer@chromium.org

Bug: chromium:812005, v8:6600
Change-Id: I5bcd5c2e7d2b6170ef60f5e83cf2876b3475c38a
Reviewed-on: https://chromium-review.googlesource.com/924025
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51375}
2018-02-19 16:12:30 +00:00
Tobias Tebbi
2579951648 [turbofan] Masking/poisoning in codegen (optimized code, arm)
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64} to {x64, arm}.

Overview of changes:
- new register configuration configuration with one register reserved for
  the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
  of all successors of branches (and deopts) that are marked as safety
  branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
  * only integer loads are masked at the moment.

Bug: chromium:798964
Change-Id: I37f5531fd18a96038ea8b059641e3dfc852c2d34
Reviewed-on: https://chromium-review.googlesource.com/913354
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51374}
2018-02-19 15:25:23 +00:00
Caitlin Potter
e56eac022f [esnext] fix tagged template caching strategy for eval caching
Previously, eval caching was only disabled if the root eval body code
contained a tagged template. Per discussion on
https://github.com/tc39/ecma262/pull/890, this is incorrect.

This change tracks if eval caching is allowed during parsing, and
uses this information to decide to insert
new entries into the cache, or not.

This change also removes the TemplateObject feedback kind, as it's no
longer needed (behaves the same as Literal feedback).

BUG=v8:3230, v8:2891
R=littledan@chromium.org, yangguo@chromium.org, bmeurer@chromium.org,
rmcilroy@chromium.org

Change-Id: Ib75abe9159baf4d8ad10f8de99d2152714bd0094
Reviewed-on: https://chromium-review.googlesource.com/916945
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51373}
2018-02-19 15:15:01 +00:00
Gabriel Charette
431c473b74 Reland: Add a trace event when pausing/preempting concurrent marking.
Reland reason : not the culprit.

This will let us identify in traces whether unwinding after receiving
the preemption event is slower than desired and should be optimized.

Adding it to pausing while working on removing it in
https://chromium-review.googlesource.com/c/v8/v8/+/922103
will allow gathering traces that highlight the issue.

R=ulan@chromium.org

Bug: chromium:812178
Change-Id: I0dc0f6754980157674968ba4a868f12c779e69bc
Reviewed-on: https://chromium-review.googlesource.com/923989
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51372}
2018-02-19 15:04:51 +00:00
Gabriel Charette
ac17ba0e56 Reland "Introduce ConcurrentMarking::StopRequest API."
This is a reland of f4b4109936.

Not expected to be the culprit of the 4 CL revert.

Original change's description:
> Introduce ConcurrentMarking::StopRequest API.
>
> This was extracted from https://chromium-review.googlesource.com/c/v8/v8/+/924073/10
> after it became clear that using COMPLETE_TASKS/PREEMPT_TASKS where
> it should make sense to doesn't work in practice for now.
>
> Experimental CLs which led to the above conclusion:
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924865
>    (COMPLETE or CANCEL -- still broken)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924866
>    (CANCEL only, as before, works)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924028
>    (CANCEL and PREEMPT -- broken as well)
>
> Introducing this unittested API allows to reduce the size
> of the CLs causing hard-to-diagnose bots-only failures
> and fix them individually follow-ups @
>
>  1) https://chromium-review.googlesource.com/c/v8/v8/+/924029
>  2) https://chromium-review.googlesource.com/c/v8/v8/+/924031
>  3) https://chromium-review.googlesource.com/c/v8/v8/+/924030
>
> Bug: chromium:812178
> Change-Id: Icdac456e9f7874b0c4b321ccdb8898297dad7d73
> Reviewed-on: https://chromium-review.googlesource.com/924867
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51353}

Bug: chromium:812178
Change-Id: Iaa32f9cc6b2fa7004c7fae1f79aa4b00f5f8f34c
Reviewed-on: https://chromium-review.googlesource.com/924006
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51371}
2018-02-19 14:46:44 +00:00
Clemens Hammacher
0b85c65e4d [assembler] Fix and document emitted debug code
There is a debug check to check that an embedded code object is patched
correctly. This check only makes sense if the code object was indeed
pushed to the stack, otherwise we are checking the type marker.
This CL fixes this check and adds a line of documentation.

R=mstarzinger@chromium.org

Change-Id: I5bc1454232cdbf2e9fef6eb41f7c7a20f31a5250
Reviewed-on: https://chromium-review.googlesource.com/924154
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51370}
2018-02-19 14:45:38 +00:00
Michael Starzinger
c5372a50a1 [simulator] Fix missing lock guard for I-cache flush.
R=clemensh@chromium.org
BUG=v8:7456

Change-Id: I5b7c151d375267a6a8a24c611b8a13fe38619656
Reviewed-on: https://chromium-review.googlesource.com/924036
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51369}
2018-02-19 14:44:29 +00:00
Clemens Hammacher
52c75d94f4 [Liftoff] Add support for br_table
This implements the br_table instruction in LiftoffCompiler by emitting
a binary search tree.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I89c11501dd3a41556d2fab68af1afbe8c4855d36
Reviewed-on: https://chromium-review.googlesource.com/921641
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51368}
2018-02-19 14:43:27 +00:00
Stephan Herhut
3b22899590 Set the VMA address in linux perf records
Set the VMA address for jitted code to the address of the code. This
should be the correct value, as the code got loaded to that address at
runtime.

Change-Id: I6ce9181d940dd4568d93a92e98d206f3c6546ebc
Reviewed-on: https://chromium-review.googlesource.com/915923
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51367}
2018-02-19 14:42:24 +00:00
sreten.kovacevic
d4f73e7619 [mips] Add Ctz and Popcnt as macro assembler instructions
Since these instructions will be used in liftoff as well as they
are used in code generator, they are transfered to macro assembler.

Change-Id: I48e60ccc7586252374bc66b7b72bbe23c2d0c0a6
Reviewed-on: https://chromium-review.googlesource.com/924194
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51366}
2018-02-19 14:41:09 +00:00
Clemens Hammacher
b8a727e14c Revert "Introduce ConcurrentMarking::StopRequest API."
This reverts commit f4b4109936.

Reason for revert: Several GC failures, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23236, https://build.chromium.org/p/client.v8/builders/V8%20Mac/builds/18390 

Original change's description:
> Introduce ConcurrentMarking::StopRequest API.
> 
> This was extracted from https://chromium-review.googlesource.com/c/v8/v8/+/924073/10
> after it became clear that using COMPLETE_TASKS/PREEMPT_TASKS where
> it should make sense to doesn't work in practice for now.
> 
> Experimental CLs which led to the above conclusion:
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924865
>    (COMPLETE or CANCEL -- still broken)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924866
>    (CANCEL only, as before, works)
>  - https://chromium-review.googlesource.com/c/v8/v8/+/924028
>    (CANCEL and PREEMPT -- broken as well)
> 
> Introducing this unittested API allows to reduce the size
> of the CLs causing hard-to-diagnose bots-only failures
> and fix them individually follow-ups @
> 
>  1) https://chromium-review.googlesource.com/c/v8/v8/+/924029
>  2) https://chromium-review.googlesource.com/c/v8/v8/+/924031
>  3) https://chromium-review.googlesource.com/c/v8/v8/+/924030
> 
> Bug: chromium:812178
> Change-Id: Icdac456e9f7874b0c4b321ccdb8898297dad7d73
> Reviewed-on: https://chromium-review.googlesource.com/924867
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51353}

TBR=gab@chromium.org,ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ia001cc81c6a7bc030b54d3aa9b9bcecc833300e6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/925302
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51365}
2018-02-19 13:59:18 +00:00
Clemens Hammacher
1986ee4867 Revert "Add a trace event when pausing/preempting concurrent marking."
This reverts commit 4b49f84434.

Reason for revert: Several GC failures, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23236, https://build.chromium.org/p/client.v8/builders/V8%20Mac/builds/18390 

Original change's description:
> Add a trace event when pausing/preempting concurrent marking.
> 
> This will let us identify in traces whether unwinding after receiving
> the preemption event is slower than desired and should be optimized.
> 
> Adding it to pausing while working on removing it in
> https://chromium-review.googlesource.com/c/v8/v8/+/922103
> will allow gathering traces that highlight the issue.
> 
> R=​mlippautz@chromium.org
> 
> Bug: chromium:812178
> Change-Id: I0555c6825e0792769c9ae2d748d7cc35df4f6fed
> Reviewed-on: https://chromium-review.googlesource.com/924122
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51354}

TBR=gab@chromium.org,mlippautz@chromium.org

Change-Id: I37a82e488de51d5ae4d7ed795b82ea9649c4a5f9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/924426
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51364}
2018-02-19 13:58:16 +00:00
Clemens Hammacher
027b012d67 Revert "Preempt ConcurrentMarking tasks instead of merely pausing in PauseScope."
This reverts commit e9750cb806.

Reason for revert: Several GC failures, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23236, https://build.chromium.org/p/client.v8/builders/V8%20Mac/builds/18390 

Original change's description:
> Preempt ConcurrentMarking tasks instead of merely pausing in PauseScope.
> 
> Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/924867
> 
> This is the core goal of the initial CL @
> https://chromium-review.googlesource.com/c/v8/v8/+/922103
> which was since split into multiple to diagnose a bots-only failure.
> 
> Bug: chromium:812178
> Change-Id: I4c4e0b517737e020862917bd89fa6ce38244e597
> Reviewed-on: https://chromium-review.googlesource.com/924031
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51356}

TBR=gab@chromium.org,ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ic095e32708e58acbe5955bf29e65af34c59d321e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/925301
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51363}
2018-02-19 13:57:12 +00:00
Clemens Hammacher
773c70b65c Revert "Preempt ConcurrentMarking tasks ASAP when cancelling marking."
This reverts commit 8b53b9d908.

Reason for revert: Several GC failures, e.g. https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/23236, https://build.chromium.org/p/client.v8/builders/V8%20Mac/builds/18390 

Original change's description:
> Preempt ConcurrentMarking tasks ASAP when cancelling marking.
> 
> Follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/924867
> 
> Bug: chromium:812178
> Change-Id: I2abe28c6e953df42cffdcbd7ea35df9d29849905
> Reviewed-on: https://chromium-review.googlesource.com/924030
> Commit-Queue: Gabriel Charette <gab@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51357}

TBR=gab@chromium.org,ulan@chromium.org,mlippautz@chromium.org

Change-Id: Ic4e226fdd02d8259244cef46e9923c95e6606cc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/924425
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51362}
2018-02-19 13:56:07 +00:00